http://www.fcw.com/article103240-07-17-07-Web 

By Jason Miller
July 17, 2007

The Office of Management and Budget and the Homeland Security Department 
today explained 10 common mistakes agencies make when securing data and 
personal information and offered a host of best practices to correct 
each mistake.

In a new paper, Common Risks Impeding the Adequate Protection of 
Government Information [1], OMB and DHS discuss common problems in areas 
such as training, contracting and records management.

OMB and DHS developed this paper as a part of the Presidents Identity 
Theft Task Force recommendations.

All of the best practices and important resources are interrelated, and 
they can help agencies address the risks associated with information 
security and privacy programs, said Karen Evans, OMBs administrator for 
information technology and e-government.

In the paper, OMB and DHS recommend agencies take steps to protect data. 
These include tailoring training to employees with significant security 
and privacy responsibilities, incorporating the Federal Acquisition 
Regulation language into all contracts and agreements and developing a 
standard operating procedure that describes how to identify and report 
suspicious activities or incidents.

The paper also provides resources from OMB, DHS and the National 
Institute of Standards and Technology for agencies to refer to when 
implementing the best practices.

[1] http://csrc.nist.gov/pcig/document/Common-Risks-Impeding-Adequate-Protection-Govt-Info.pdf 


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com